Unrated severityNVD Advisory· Published Jul 8, 2025· Updated Jul 8, 2025

Multiple vulnerabilities in SAP NetWeaver Application Server ABAP

CVE-2025-42956

Description

SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, injected input data will be used by the web site page generation to create content which when executed in the victim's browser leading to low impact on Confidentiality and Integrity with no effect on Availability of the application.

Affected products

SAP/Sap Netweaver And Abap Platform (application Server Abap)llm-fuzzy
SAP/Netweaver Abap Application Serverllm-fuzzy
SAP/Sap Netweaver Application Server Abapv5
Range: SAP_BASIS 700

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

me.sap.com/notes/3617131mitre
url.sap/sapsecuritypatchdaymitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000